Enabling Conan audit command (#182)

jfrog · Sep 26, 2024 · 6356c7f · 6356c7f
1 parent b57c625
commit 6356c7f
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 0 deletions.
diff --git a/audit_test.go b/audit_test.go
@@ -65,6 +65,36 @@ func testAuditNpm(t *testing.T, format string, withVuln bool) string {
 	return securityTests.PlatformCli.RunCliCmdWithOutput(t, args...)
 }
 
+func TestXrayAuditConanJson(t *testing.T) {
+	output := testAuditConan(t, string(format.Json), true)
+	securityTestUtils.VerifyJsonScanResults(t, output, 0, 8, 2)
+}
+
+func TestXrayAuditConanSimpleJson(t *testing.T) {
+	output := testAuditConan(t, string(format.SimpleJson), true)
+	securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 2)
+}
+
+func testAuditConan(t *testing.T, format string, withVuln bool) string {
+	securityTestUtils.InitSecurityTest(t, scangraph.GraphScanMinXrayVersion)
+	tempDirPath, createTempDirCallback := coreTests.CreateTempDirWithCallbackAndAssert(t)
+	defer createTempDirCallback()
+	conanProjectPath := filepath.Join(filepath.FromSlash(securityTestUtils.GetTestResourcesPath()), "projects", "package-managers", "conan")
+	// Copy the conan project from the testdata to a temp dir
+	assert.NoError(t, biutils.CopyDir(conanProjectPath, tempDirPath, true, nil))
+	prevWd := securityTestUtils.ChangeWD(t, tempDirPath)
+	defer clientTests.ChangeDirAndAssert(t, prevWd)
+	// Run conan install before executing jfrog audit
+	assert.NoError(t, exec.Command("conan").Run())
+	watchName, deleteWatch := securityTestUtils.CreateTestWatch(t, "audit-policy", "audit-watch", xrayUtils.High)
+	defer deleteWatch()
+	args := []string{"audit", "--licenses", "--format=" + format, "--watches=" + watchName, "--fail=false"}
+	if withVuln {
+		args = append(args, "--vuln")
+	}
+	return securityTests.PlatformCli.RunCliCmdWithOutput(t, args...)
+}
+
 func TestXrayAuditPnpmJson(t *testing.T) {
 	output := testXrayAuditPnpm(t, string(format.Json))
 	securityTestUtils.VerifyJsonScanResults(t, output, 0, 1, 1)

diff --git a/commands/audit/scarunner.go b/commands/audit/scarunner.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/jfrog/build-info-go/utils/pythonutils"
+	"github.com/jfrog/jfrog-cli-security/commands/audit/sca/conan"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"golang.org/x/exp/slices"
 
@@ -247,6 +248,8 @@ func GetTechDependencyTree(params xrayutils.AuditParams, artifactoryServerDetail
 		depTreeResult.FullDepTrees, uniqueDeps, err = npm.BuildDependencyTree(params)
 	case techutils.Pnpm:
 		depTreeResult.FullDepTrees, uniqueDeps, err = pnpm.BuildDependencyTree(params)
+	case techutils.Conan:
+		depTreeResult.FullDepTrees, uniqueDeps, err = conan.BuildDependencyTree(params)
 	case techutils.Yarn:
 		depTreeResult.FullDepTrees, uniqueDeps, err = yarn.BuildDependencyTree(params)
 	case techutils.Go: